X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=dummynet%2Finclude%2Fnetinet%2Fip_fw.h;h=743d90810b50587564efdab028b1862ea48ca3f4;hb=7f9fafbbf8a2c3d7a4b9aab56d63d9ee6f4bed82;hp=694983a90e09b1da39f09d664b8d94936b1f4e7b;hpb=5ad9fec40da13c449d50def12f9cea6e24b6a708;p=ipfw.git
diff --git a/dummynet/include/netinet/ip_fw.h b/dummynet/include/netinet/ip_fw.h
index 694983a..743d908 100644
--- a/dummynet/include/netinet/ip_fw.h
+++ b/dummynet/include/netinet/ip_fw.h
@@ -653,13 +653,6 @@ int ipfw6_unhook(void);
 void ipfw_nat_destroy(void);
 #endif
 
-#define IPFW_HAVE_SKIPTO_TABLE
-
-struct _rulepointer {
- struct ip_fw *rule;
- uint32_t id;
-};
-
 VNET_DECLARE(int, fw_one_pass);
 VNET_DECLARE(int, fw_enable);
 #define V_fw_one_pass VNET(fw_one_pass)
@@ -672,6 +665,7 @@ VNET_DECLARE(int, fw6_enable);
 
 struct ip_fw_chain {
 struct ip_fw *rules; /* list of rules */
+ struct ip_fw *default_rule;
 struct ip_fw *reap; /* list of rules to reap */
 LIST_HEAD(, cfg_nat) nat; /* list of nat entries */
 struct radix_node_head *tables[IPFW_TABLES_MAX];
@@ -681,8 +675,20 @@ struct ip_fw_chain {
 struct rwlock rwmtx;
 #endif /* !__linux__ */
 uint32_t id; /* ruleset id */
- struct _rulepointer skipto_pointers[64*1024];
- struct new_hash_table *global_tables[128];
+ /*
+ * To optimize jumps, we use a table with skipto_entries pointers
+ * (a power of 2, set with a sysctl depending on available memory).
+ * Entry i points to the first rule i*64k/n <= n < (i+1)*64k/n.
+ * On insert/delete we simply update the relevant entry
+ * with O(1) additional cost. Updates to the sysctl variable
+ * that controls the table are managed at the next add/delete.
+ */
+ int skipto_shift; /* shifts to compute the index in skipto-ptrs */
+ int skipto_size; /* number of entries in the table */
+ struct ip_fw **skipto_ptrs;
+#ifdef IPFW_HASHTABLES
+ struct ipfw_ht *hashtab[IPFW_TABLES_MAX];
+#endif
 };
 
 #ifdef IPFW_INTERNAL
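Review bot: The added `default_rule` member of `struct ip_fw_chain` carries no comment, unlike `rules` and `reap` on either side of it, so a reader cannot tell whether it may be NULL or under which lock it may change. The name suggests it is the rule that decides the verdict for packets nothing else matches, which makes that contract relevant to every reader of the chain. I would write it as `struct ip_fw *default_rule; /* rule applied when nothing else matches; set at init, changed only under the chain lock */`, with the wording adjusted to what the .c side really does. The struct opens in this hunk and closes outside it.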
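Review bot: `skipto_shift` and `skipto_size` are declared as plain `int`, although one is a shift count and the other the number of entries behind `skipto_ptrs`, and the comment says both follow a sysctl value. A negative or oversized shift count is undefined behaviour in C and a negative size has no meaning, so unsigned types matching `id` would be safer: `uint32_t skipto_shift; /* index = rule number >> skipto_shift (confirm) */` and `uint32_t skipto_size; /* entries in skipto_ptrs, power of 2, at most 64k */`. The block comment should also state that the three fields are replaced together under the chain's write lock, because a lookup that pairs a new shift with an old `skipto_ptrs` would index outside the table, and that the code applying the sysctl rejects values that are not a power of two; that code is not visible here. In `i*64k/n <= n < (i+1)*64k/n` the letter n stands for both the table size and the rule number, which makes the invariant hard to check. The struct opens before this hunk.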